GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
10 advisories
Reactor Netty HTTP Server denial of service vulnerability
High
CVE-2023-34054
was published
for
io.projectreactor.netty:reactor-netty-core
(Maven)
Nov 28, 2023
Bouncy Castle Denial of Service (DoS)
Moderate
CVE-2023-33202
was published
for
org.bouncycastle:bcpkix-jdk18on
(Maven)
Nov 23, 2023
In Reactor Netty HTTP Server a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack
High
CVE-2023-34062
was published
for
io.projectreactor.netty:reactor-netty-http
(Maven)
Nov 15, 2023
Apache Tomcat Improper Input Validation vulnerability
Moderate
CVE-2023-45648
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Oct 10, 2023
Apache Tomcat Incomplete Cleanup vulnerability
Moderate
CVE-2023-42795
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Oct 10, 2023
SQL Injection in Hibernate ORM
Moderate
CVE-2019-14900
was published
for
org.hibernate:hibernate-core
(Maven)
Feb 10, 2022
SQL injection in hibernate-core
High
CVE-2020-25638
was published
for
org.hibernate:hibernate-core
(Maven)
Feb 9, 2022
Serialization gadgets exploit in jackson-databind
High
CVE-2020-35491
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Deserialization of untrusted data in Jackson Databind
High
CVE-2020-14062
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Jun 18, 2020
jackson-databind mishandles the interaction between serialization gadgets and typing
High
CVE-2020-10969
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Apr 23, 2020
ProTip!
Advisories are also available from the
GraphQL API